

Hi! I have read all the threads concerning similar problems and saw one with Advanced Setup and ShadowPuterDude working on it extensively. While I have quite similar problems, I don't think mine is as bad so I have hope! Basically, I can't cut and paste (sometimes in notepad only), I can't run IE, Malware Bytes, AAWare, Calyx Point, and others. With AAware I get the error message "the service cannot be started." When I try to run MBytes I get the error "run time error 372. Failed to load control vbalGrid from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Please make sure you are using the control that was provided with your application." I have attempted all the proposed fixes that were "penned" in this forum and have tried renaming the Mbam file, etc. I have uninstalled and reinstalled MB and receive the same error. I have run 3 different virus scans, and while they knocked out some stuff early, they are now clean.

Please help me! I know this isn't the easiest topic, so I appreciate the help tremendously! xxx ooo Violet.

PS - I have followed the instructions and pasted the HiJack This log below as requested.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:24:50 PM, on 7/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Filseclab\xfilter\xfilter.exe

C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe

C:\Program Files\Common Files\Filseclab\FilMsg.exe

C:\Program Files\Mozilla Thunderbird 3 Beta 1\thunderbird.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rambler.ru/ri6

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {496bbe6e-9610-4b17-b3bd-21d152f23346} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {958482da-f8fb-4969-850f-c3877234154f} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: (no name) - {d3d3ece2-88e0-43d5-99dc-5b2c372f0012} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {F13451F1-5E82-439D-B704-250E78B3603C} - (no file)

O3 - Toolbar: Rambler-

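The HijackThis entries posted above are the kind of thing a helper triages by hand. The Python script below is an added example for this thread, not part of the original post and not code from HijackThis or Malwarebytes; it applies a few mechanical rules to a constructed subset of the lines from the log above: "(no file)" references that load nothing, an R0/R1 page that is not one of Microsoft's stock URLs, O17 NameServer overrides, an O10 LSP that HijackThis could not identify, and an O23 service whose binary is missing. Treating the OpenDNS resolvers 208.67.220.220 and 208.67.222.222 as known-benign is an assumption made for the example, and a "review" verdict means "look at this", not "malicious".

```python
"""Mechanical first-pass triage of HijackThis (HJT) log entries.

Added example for this thread; not part of HijackThis or of the original posts.
"""
import re

# Constructed sample: a subset of the lines from the HJT log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rambler.ru/ri6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {496bbe6e-9610-4b17-b3bd-21d152f23346} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C022DDD-92C3-4C0B-9802-76668CEA814C}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
"""

# Microsoft's stock IE home/search URLs (they appear in the R1/R0 lines of the
# log above); an R0/R1 pointing anywhere else has been changed by someone.
DEFAULT_IE_URLS = {
    "http://go.microsoft.com/fwlink/?LinkId=69157",
    "http://go.microsoft.com/fwlink/?LinkId=54896",
}
# Assumption for this example: the OpenDNS resolvers are treated as known-benign.
KNOWN_RESOLVERS = {"208.67.220.220", "208.67.222.222"}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")


def triage_line(line):
    """Return (kind, severity, note) for one HJT entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if "(no file)" in body:
        # Registry points at a CLSID/DLL that no longer exists: nothing loads.
        return kind, "orphan", "dead reference, nothing loads; safe to remove"
    if kind in ("R0", "R1"):
        url = body.split(" = ", 1)[1].strip() if " = " in body else ""
        if url and url not in DEFAULT_IE_URLS:
            return kind, "review", "IE page changed to %s" % url
        return kind, "ok", "stock IE URL"
    if kind == "O17":
        servers = set(body.split("NameServer = ", 1)[1].split(","))
        unknown = servers - KNOWN_RESOLVERS
        if unknown:
            return kind, "review", "DNS override to %s" % ",".join(sorted(unknown))
        return kind, "info", "DNS set to known public resolvers"
    if kind == "O10":
        # A Winsock LSP sees every socket call; HJT could not name this one.
        return kind, "review", "LSP HJT could not identify; verify the DLL"
    if kind == "O23" and "(file missing)" in body:
        return kind, "review", "service registered but binary missing"
    if kind == "O4":
        return kind, "info", "autostart entry; verify the binary is expected"
    return kind, "ok", ""


def triage_log(text):
    """Triage every entry in a log; returns a list of (kind, severity, note)."""
    results = []
    for line in text.splitlines():
        r = triage_line(line)
        if r:
            results.append(r)
    return results


def summarize(results):
    """Count verdicts by severity."""
    counts = {}
    for _, sev, _ in results:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    verdicts = triage_log(SAMPLE_LOG)
    for kind, sev, note in verdicts:
        print("%-4s %-7s %s" % (kind, sev, note))
    print(summarize(verdicts))
```

Run it as-is to see the verdicts for the sample, or call `triage_log(open(path).read())` on a saved log. The rules deliberately stop at "review": deciding whether a changed start page or an unnamed LSP is malware still needs a human and the file itself.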

Welcome to Malwarebytes !!! :lol:

Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall


Thank you SO MUCH for replying! Okay, I ran ComboFix and HJT and have pasted the logs below. Please read after the log, I have a "theory" I'd like to bounce off ya! :lol:

ComboFix 09-07-07.A2 - HP_Administrator 07/07/2009 19:18.2 - NTFSx86

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\tmp.reg

.

((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))

.

2009-07-08 00:53 . 2009-07-08 00:53 -------- d-----w- c:\windows\LastGood

2009-07-07 21:33 . 2009-07-07 21:33 -------- d-sh--w- c:\windows\ftpcache

2009-07-07 21:08 . 2009-07-07 21:31 -------- d-----w- c:\program files\Reimage

2009-07-07 17:03 . 2009-07-07 17:03 -------- d-----w- c:\windows\system32\CatRoot2

2009-07-07 15:55 . 2009-07-07 15:55 -------- d-----w- c:\program files\RegCure

2009-07-07 15:55 . 2009-07-07 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure

2009-07-06 19:24 . 2009-07-06 19:24 -------- d-----w- c:\program files\Trend Micro

2009-07-06 18:06 . 2009-07-06 18:06 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WinBatch

2009-07-06 17:24 . 2008-12-04 08:25 120832 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xacr1xmq.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll

2009-07-06 16:15 . 2009-07-06 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2009-07-06 00:57 . 2009-07-06 00:57 552 ----a-w- c:\windows\system32\d3d8caps.dat

2009-07-05 23:23 . 2009-07-05 23:23 0 ----a-w- c:\documents and settings\HP_Administrator\settings.dat

2009-07-05 17:52 . 2009-07-05 17:52 -------- d-----w- c:\windows\system32\oldcatroot3

2009-07-05 00:21 . 2007-08-02 05:47 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-07-04 20:12 . 2009-07-04 20:12 -------- d-sh--w- C:\found.001

2009-07-04 17:21 . 2009-07-04 17:21 -------- d-sh--w- C:\found.000

2009-07-04 16:18 . 2009-07-01 15:50 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys

2009-07-04 16:18 . 2009-07-01 15:50 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll

2009-07-04 16:18 . 2009-07-01 15:50 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll

2009-07-04 16:18 . 2009-07-01 15:50 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe

2009-07-04 16:18 . 2009-07-01 15:50 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll

2009-07-04 16:18 . 2009-07-01 15:50 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll

2009-07-04 16:18 . 2009-07-01 15:50 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll

2009-07-04 16:18 . 2009-07-01 15:50 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe

2009-07-04 16:17 . 2009-07-01 15:48 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe

2009-07-04 16:17 . 2009-07-01 15:48 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

2009-07-01 23:20 . 2009-07-01 23:20 -------- d-----w- c:\program files\DocuSign Print Driver

2009-07-01 16:19 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll

2009-07-01 15:57 . 2009-07-01 15:57 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AVG Security Toolbar

2009-07-01 15:51 . 2009-07-01 15:50 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe

2009-07-01 15:51 . 2009-07-01 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-06-30 23:37 . 2009-06-30 23:37 -------- d-----w- c:\program files\Microsoft Silverlight

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-08 02:04 . 2009-01-08 17:07 -------- d-----w- c:\program files\Mozilla Thunderbird 3 Beta 1

2009-07-07 23:42 . 2009-07-07 23:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}

2009-07-07 15:52 . 2009-07-07 15:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}

2009-07-06 15:26 . 2006-05-08 05:28 -------- d-----w- c:\program files\Panda Security

2009-07-06 01:32 . 2009-05-30 02:14 73 ---h--w- c:\windows\popcreg.dat

2009-07-06 01:32 . 2009-05-30 00:42 25 ----a-w- c:\windows\popcinfot.dat

2009-07-05 16:29 . 2009-05-13 19:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2009-07-05 07:31 . 2009-03-26 03:29 -------- d-----w- c:\program files\a-squared Free

2009-07-04 21:15 . 2008-03-05 05:31 -------- d-----w- c:\program files\Coupons

2009-07-04 16:17 . 2008-11-25 17:31 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-03 16:56 . 2009-05-12 22:57 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-07-01 23:20 . 2006-08-15 00:55 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-01 15:50 . 2008-11-25 17:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-01 15:50 . 2008-11-25 17:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-30 20:03 . 2009-06-18 04:26 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2009-06-27 18:15 . 2008-12-31 16:15 -------- d-----w- c:\program files\eMusic Download Manager

2009-06-27 05:25 . 2008-06-16 04:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype

2009-06-19 13:00 . 2008-12-10 17:14 3833856 ----a-w- c:\windows\system32\cdintf300.dll

2009-05-30 00:41 . 2009-05-30 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games

2009-05-30 00:41 . 2009-05-30 00:41 -------- d-----w- c:\program files\PopCap Games

2009-05-29 15:14 . 2009-05-29 15:14 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

2009-05-29 15:14 . 2009-05-22 23:29 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-05-25 00:42 . 2009-05-25 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap

2009-05-25 00:21 . 2009-05-25 00:21 3584 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2009-05-25 00:21 . 2009-05-25 00:21 -------- d-----w- c:\program files\Windows Installer Clean Up

2009-05-25 00:21 . 2009-03-12 22:40 -------- d-----w- c:\program files\MSECache

2009-05-22 02:06 . 2007-01-11 16:30 20538 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat

2009-05-22 01:58 . 2009-05-22 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative

2009-05-19 17:27 . 2009-02-10 18:20 -------- d-----w- c:\program files\Citrix

2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll

2009-05-18 19:38 . 2009-01-24 16:44 -------- d-----w- c:\program files\eFax Messenger 4.4

2009-05-13 22:25 . 2006-08-15 00:53 95176 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-13 19:14 . 2009-05-13 19:15 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-05-13 19:14 . 2009-05-13 19:14 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys

2009-05-13 19:10 . 2006-12-26 21:29 -------- d-----w- c:\program files\Lavasoft

2009-05-12 23:36 . 2006-08-15 00:59 -------- d-----w- c:\program files\DivX

2009-05-12 22:56 . 2009-05-12 22:30 -------- d-----w- c:\program files\OpenOffice.org 3

2009-05-12 22:55 . 2009-05-12 22:55 -------- d-----w- c:\program files\JRE

2009-05-12 22:32 . 2009-05-12 22:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org

2009-05-12 22:30 . 2009-02-11 18:39 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-12 22:11 . 2007-03-08 18:00 -------- d-----w- c:\program files\Google

2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr

2007-11-07 06:12 . 2007-11-07 06:12 251 -c--a-w- c:\program files\wt3d.ini

.

------- Sigcheck -------

Cryptography Services Error !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]

"XFILTER"="c:\program files\Filseclab\xfilter\xfilter.exe" [2006-12-23 901120]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-01 15:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\ooVoo\\ooVoo.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-30 1029456]

R3 V0230Vfx;V0230Vfx;c:\windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 6272]

R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\DRIVERS\V0230VID.sys [2006-09-29 500480]

R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-13 64160]

S0 XPacket;Filseclab Packet Filter;c:\windows\System32\xpacket.sys [2006-12-23 126224]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-04 335752]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-01 298776]

S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2004-05-17 347648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

.

Contents of the 'Scheduled Tasks' folder

2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

- - - - ORPHANS REMOVED - - - -

BHO-{496bbe6e-9610-4b17-b3bd-21d152f23346} - (no file)

BHO-{958482da-f8fb-4969-850f-c3877234154f} - (no file)

BHO-{d3d3ece2-88e0-43d5-99dc-5b2c372f0012} - (no file)

BHO-{F13451F1-5E82-439D-B704-250E78B3603C} - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.rambler.ru/ri6

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: c:\program files\Filseclab\xfilter\XFILTER.DLL

TCP: {1C022DDD-92C3-4C0B-9802-76668CEA814C} = 208.67.220.220,208.67.222.222

TCP: {70C4B831-6154-40DB-B9B3-8154679587B4} = 208.67.220.220,208.67.222.222

TCP: {892900FC-9814-4488-99C0-81491C1EE93D} = 208.67.220.220,208.67.222.222

TCP: {8CCA8439-C968-4ED9-B059-FDE366C19617} = 208.67.220.220,208.67.222.222

TCP: {95AE6DD9-300D-455F-AFBF-2A8741BD9408} = 208.67.220.220,208.67.222.222

TCP: {AA1E7DDC-F4A3-4285-8B78-A210312AAC93} = 208.67.220.220,208.67.222.222

TCP: {D0DD28C5-0BBB-4263-B511-78D0E7A3472E} = 208.67.220.220,208.67.222.222

TCP: {FCC18A5D-3220-41CB-80BD-B74A320B8C1E} = 208.67.220.220,208.67.222.222

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xacr1xmq.default\

FF - prefs.js: browser.search.selectedEngine - Rambler

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.enabled - false

FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCltInstall.dll

FF - plugin: c:\program files\Windows Media Player\npatgpc.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-07 19:24

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

Completion time: 2009-07-08 19:27

ComboFix-quarantined-files.txt 2009-07-08 02:27

ComboFix2.txt 2009-07-05 23:01

Pre-Run: 177,544,859,648 bytes free

Post-Run: 177,573,621,760 bytes free

201 --- E O F --- 2009-04-16 02:44

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:35:06 PM, on 7/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\a-squared Free\a2service.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Filseclab\xfilter\xfilter.exe

C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rambler.ru/ri6

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {496bbe6e-9610-4b17-b3bd-21d152f23346} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {958482da-f8fb-4969-850f-c3877234154f} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: (no name) - {d3d3ece2-88e0-43d5-99dc-5b2c372f0012} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {F13451F1-5E82-439D-B704-250E78B3603C} - (no file)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User '?')

O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User '?')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1C022DDD-92C3-4C0B-9802-76668CEA814C}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{70C4B831-6154-40DB-B9B3-8154679587B4}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{8CCA8439-C968-4ED9-B059-FDE366C19617}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{95AE6DD9-300D-455F-AFBF-2A8741BD9408}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA1E7DDC-F4A3-4285-8B78-A210312AAC93}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{D0DD28C5-0BBB-4263-B511-78D0E7A3472E}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC18A5D-3220-41CB-80BD-B74A320B8C1E}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{1C022DDD-92C3-4C0B-9802-76668CEA814C}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip\..\{1C022DDD-92C3-4C0B-9802-76668CEA814C}: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 9728 bytes

You all are the experts - so this is just my THEORY! I have been reading ALL over the net about trying to fix this for days. I think a big part of my problem is that I'm unable to "start" Windows Installer because I am unable to "start" RPC Services. It seems I am stuck in a loop, because Installer won't start without RPC, RPC won't start, and the Cryptographic Errors I am receiving come from not being able to start Installer! I have looked all around and tried just about everything to get the RPC to start but to no avail. I don't know if that helps you at all or not, but it is just my guess.

Thanks again and God Bless.

xxx ooo

Violet

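Three values in the ComboFix "Reg Loading Points" section above say more about this machine's posture than the orphaned BHOs do: `"EnableFirewall"= 0` under `firewallpolicy\standardprofile` means the Windows Firewall is switched off on the profile this PC uses, `"UpdatesDisableNotify"=dword:00000001` under `security center` means Security Center will not warn that Automatic Updates is off, and `"DisableMonitoring"=dword:00000001` under `security center\Monitoring\SymantecFirewall` means Security Center no longer tracks that third-party firewall's state. The Python below is an added example, not code from the thread, from ComboFix or from Malwarebytes: it parses a constructed fragment copied from the log above in ComboFix's REGEDIT4-style rendering and reports those settings, plus the `GloballyOpenPorts` entries (all marked `Disabled` in this log). The list of checks and the key-suffix matching are the example's own assumptions.

```python
"""Read weakened-security indicators out of a ComboFix 'Reg Loading Points' dump.

Added example for this thread; not part of ComboFix or of the original posts.
"""
import re

# Constructed sample: the relevant keys copied from the ComboFix log above.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')


def parse_reg(text):
    """Return {key_path_lowercased: {value_name: raw_value}} from a REGEDIT4-style fragment."""
    tree, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            tree.setdefault(key, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            tree[key][vm.group("name")] = vm.group("raw")
    return tree


def as_int(raw):
    """Decode 'dword:00000001' or ComboFix's ' 0 (0x0)' rendering; None if neither."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\b", raw)
    return int(m.group(1)) if m else None


# (key path suffix, value name, predicate on the decoded int, finding text).
# Suffix matching is an assumption of this example: ComboFix abbreviates
# the front of the key path (HKLM\~\...), so only the tail is compared.
CHECKS = [
    ("security center", "UpdatesDisableNotify", lambda v: v == 1,
     "Security Center will not warn that Automatic Updates is off"),
    ("security center", "AntiVirusDisableNotify", lambda v: v == 1,
     "Security Center will not warn that no antivirus is active"),
    ("security center", "FirewallDisableNotify", lambda v: v == 1,
     "Security Center will not warn that the firewall is off"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", lambda v: v == 0,
     "Windows Firewall is disabled on the standard profile"),
    ("firewallpolicy\\domainprofile", "EnableFirewall", lambda v: v == 0,
     "Windows Firewall is disabled on the domain profile"),
]


def posture_findings(tree):
    """Return [(key, value_name, finding)] for every check that fires."""
    findings = []
    for suffix, name, bad, msg in CHECKS:
        for key, values in tree.items():
            if key.endswith(suffix.lower()) and name in values:
                v = as_int(values[name])
                if v is not None and bad(v):
                    findings.append((key, name, msg))
    # Security Center\Monitoring\<Product>\DisableMonitoring=1: the product is no longer tracked.
    for key, values in tree.items():
        if "security center\\monitoring\\" in key and as_int(values.get("DisableMonitoring", "")) == 1:
            product = key.rsplit("\\", 1)[1]
            findings.append((key, "DisableMonitoring",
                             "Security Center no longer monitors the third-party product '%s'" % product))
    return findings


def open_ports(tree):
    """List (port:proto, enabled) from any GloballyOpenPorts\\List key."""
    ports = []
    for key, values in tree.items():
        if key.endswith("globallyopenports\\list"):
            for name, raw in values.items():
                fields = raw.split(":")  # port:proto:scope:Enabled|Disabled:description
                ports.append((name, len(fields) > 3 and fields[3].lower() == "enabled"))
    return ports


if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    for key, name, msg in posture_findings(reg):
        print("[%s] %s -> %s" % (key, name, msg))
    for port, enabled in open_ports(reg):
        print("open port %s: %s" % (port, "ENABLED" if enabled else "disabled"))
```

A firewall that is off and a Security Center that has been told not to complain are exactly the conditions under which a log like the one above stops being informative, so these three lines are worth restoring before re-running any scanner.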

  • 2 weeks later...
  • Root Admin

I apologize for the delay, but circumstances beyond my control have prevented me from responding.

Your best bet at this time is to start a NEW post and reference this current post so that someone else can assist you.

I will be out of town for the next week and probably will not have access to assist you with this.

I'm very sorry to have to do this - if no one has helped you in a new post by Tuesday of next week then send me a Private Message and I will help you at that time, but hopefully someone else can pick up and help you before that.


  • 2 weeks later...
  • Root Admin

Well I assume since I don't have a private message from you that someone has already helped you. I'll close your post now and if you do need help then let me know and I can open it again.

Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

